CVE-2024-25157
EUVD-2024-2249514.08.2024, 15:15
An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages. This could lead to unauthorized information disclosure or modification.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| fortra | goanywhere_managed_file_transfer | 𝑥 < 7.6.0 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| fortra | goanywhere_managed_file_transfer | 6.0.1 ≤ 𝑥 < 7.6.0 | ADP |
Common Weakness Enumeration
- CWE-303 - Incorrect Implementation of Authentication AlgorithmThe requirements for the software dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.
- CWE-287 - Improper AuthenticationWhen an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.